CN1690910A - File locker and mechanisms for providing and using same - Google Patents


Info

Publication number: CN1690910A
Authority: CN (China)
Prior art keywords: file, locking device, environment, request, component management
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CNA2005100561736A
Other languages: Chinese (zh)
Inventor: B·M·维尔曼 (transliterated: B. M. Willman)
Current assignee: Microsoft Corp
Original assignee: Microsoft Corp
Events: application filed by Microsoft Corp; publication as CN1690910A (patent/CN1690910A/en); legal status pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database

Abstract

A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment's sealing functionality to seal data items for the file locker's exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the requestor's trustworthiness, authenticity, and/or identity. The file locker may be used to extend the protected environment's sealing functionality to legacy applications, without the legacy applications having to implement agents that can run in the protected environment and access the sealing functionality directly.

Description

File locker and mechanisms for providing and using the same
Technical field
The present invention relates generally to the field of computing, and more particularly to mechanisms for data storage and retrieval.
Background
One aspect of computer security is the ability of a security system to protect data. Data can be protected by encryption, and a correctly functioning computer security system should prevent data from appearing outside a trusted space in plaintext (unencrypted) form.
One way to achieve this kind of data protection is to provide a trusted operating environment in which trusted programs (or "agents") can run, together with a data sealing facility that allows data to be sealed to a trusted agent. An agent running in the trusted environment can seal data to itself, and the trusted environment will refuse to unseal that data for anyone other than the agent to which it was sealed. Moreover, the operating environment may use tamper resistance and isolation mechanisms to resist attempts to circumvent the seal. Sealed data is thus protected in the following sense: (1) the environment that provides the sealing facility is trusted to prevent the seal from being broken, and (2) the agent to which the data is sealed is trusted to protect the data from misuse while the data is unsealed.
One problem with the sealing mechanism described above is that the sealing facility can be used only by trusted agents. Thus, any software object that wishes to protect data (e.g., a file) with the trusted environment's sealing facility must have (or be) a trusted agent that runs in the trusted environment and interacts with the sealing facility to manage the storage and sealing of the file. This is especially problematic for legacy applications (e.g., word processors or spreadsheet programs designed to run in a conventional, non-secure operating system), because such programs generally cannot run in the trusted environment (which typically runs only small programs whose behavior can be verified and relied upon). A non-secure application can be written together with a dedicated trusted agent that cooperates with it to perform security-related functions; however, legacy applications, which predate specialized secure computing platforms, generally have no such agent. Furthermore, even for applications designed with trusted computing in mind, having every such application manage its own sealed files is cumbersome. It would be preferable to provide a common facility that uses the trusted environment's sealing function to protect and manage files, and that can be used by a variety of software objects (e.g., legacy applications, operating systems, virtual machines, and the like).
In view of the foregoing, there is a need for a mechanism that overcomes the drawbacks of the prior art.
Summary of the invention
The present invention provides a file locker that uses a data sealing facility to protect files on behalf of other entities. An entity wishing to protect a file provides the file to the file locker. The file locker then uses the data sealing facility to seal the file to itself, thereby placing the file under the file locker's "custody". An entity wishing to retrieve a file held in the file locker's custody may request the file from the file locker. After the requesting entity has sufficiently proven its right to the requested file, the file locker causes the file to be unsealed and provides it to the requesting entity.
In a preferred embodiment, the file locker runs on a platform that supports the concurrent use of environments with varying degrees of trustworthiness (e.g., ranging from an open environment that provides low assurance about its behavior to a highly "trusted" environment that provides high assurance about its behavior). On such a platform, the data sealing facility may be part of the trusted environment's infrastructure; that is, the trusted environment may allow programs or "agents" running in it to seal data so that the data can be retrieved only by the agent designated in the seal, and the trusted environment may enforce the seal using mechanisms such as cryptography, memory isolation and tamper resistance. Also on such a platform, the file locker may be an agent running in the trusted environment, which provides file protection services to other entities (both inside and outside the trusted environment) by receiving files and sealing them to itself.
Entities that use the file locker may be, for example, programs running in the trusted environment, programs running in other (less trusted) environments, or entire environments in which other programs may run. An entity wishing to protect a file provides the file to the file locker, and the file locker seals the file to itself. The entity may later request the file, in which case the file locker verifies that the entity is authorized to retrieve the file and may perform any other confirming tests on the requesting entity. The file locker then provides the file to the requesting entity.
The use of the file locker may be transparent to the entity that requests files from it. For example, an application may open files using standard application programming interfaces (APIs) or system calls, and the APIs and system calls may be updated so that they know which files are stored in the trusted area and which are not. When a file is stored in the trusted area, the API communicates with the file locker to retrieve the file.
Optionally, the file locker (or a cooperating agent) may monitor the behavior of the entity that requested a file while that entity has the file checked out. For example, when a file is checked out to an application in an untrusted environment, the file locker or a cooperating agent may observe and/or control the application to the extent possible, to ensure that the file is not misused while it is outside the file locker's custody.
Other features of the invention are described below.
Brief description of the drawings
The foregoing summary, as well as the following detailed description of preferred embodiments, is better understood when read in conjunction with the accompanying drawings. For the purpose of illustrating the invention, exemplary constructions of the invention are shown in the drawings; however, the invention is not limited to the specific methods and means disclosed. In the drawings:
Fig. 1 is a block diagram of an exemplary computing environment in which aspects of the invention may be implemented;
Fig. 2 is a block diagram of a storage device that can be used by a plurality of entities and that can seal data to an entity;
Fig. 3 is a block diagram of a file locker that uses sealed storage to protect files on behalf of software objects;
Fig. 4 is a block diagram of an exemplary scenario in which the file locker may be used to protect files;
Fig. 5 is a flow diagram of an exemplary method of protecting a file in accordance with one aspect of the invention.
Detailed description
Exemplary computing arrangement
Fig. 1 shows an example of a suitable computing system environment 100 in which the invention may be implemented. The computing system environment 100 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should the computing environment 100 be interpreted as having any dependency or requirement relating to any one component, or combination of components, illustrated in the exemplary operating environment 100.
The invention is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including memory storage devices.
With reference to Fig. 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a computer 110. Components of computer 110 may include, but are not limited to, a processing unit 120, a system memory 130, and a system bus 121 that couples various system components, including the system memory, to the processing unit 120. The processing unit 120 may represent multiple logical processing units, such as those supported on a multi-threaded processor. The system bus 121 may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus (also known as the Mezzanine bus). The system bus 121 may also be implemented as a point-to-point connection, a switching fabric, PCI Express, or the like, among the communicating devices.
Computer 110 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by computer 110, and includes both volatile and nonvolatile media, and removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 110. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
The system memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. By way of example, and not limitation, Fig. 1 illustrates operating system 134, application programs 135, other program modules 136 and program data 137.
The computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, Fig. 1 illustrates a hard disk drive 141 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile magnetic disk 152, and an optical disk drive 155 that reads from or writes to a removable, nonvolatile optical disk 156, such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. The hard disk drive 141 is typically connected to the system bus 121 through a non-removable memory interface such as interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically connected to the system bus 121 by a removable memory interface such as interface 150.
The drives and their associated computer storage media discussed above and illustrated in Fig. 1 provide storage of computer readable instructions, data structures, program modules and other data for the computer 110. In Fig. 1, for example, hard disk drive 141 is illustrated as storing operating system 144, application programs 145, other program modules 146 and program data 147. Note that these components can either be the same as or different from operating system 134, application programs 135, other program modules 136 and program data 137. Operating system 144, application programs 145, other program modules 146 and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies. A user may enter commands and information into the computer 110 through input devices such as a keyboard 162 and a pointing device 161 (commonly referred to as a mouse, trackball or touch pad). Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 120 through a user input interface 160 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB). A monitor 191 or other type of display device is also connected to the system bus 121 via an interface, such as a video interface 190. In addition to the monitor, computers may also include other peripheral output devices such as speakers 197 and printer 196, which may be connected through an output peripheral interface 195.
The computer 110 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 110, although only a memory storage device 181 has been illustrated in Fig. 1. The logical connections depicted in Fig. 1 include a local area network (LAN) 171 and a wide area network (WAN) 173, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172, which may be internal or external, may be connected to the system bus 121 via the user input interface 160 or another appropriate mechanism. In a networked environment, program modules depicted relative to the computer 110, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary, and that other means of establishing a communications link between the computers may be used.
Protected storage
One aspect of the invention uses a protected storage device that allows an entity to deposit data in the device and seal it. Once data is sealed, it cannot be accessed by any entity other than the entity (or entities) to which it was sealed. Fig. 2 shows such a protected storage device 206 and its use.
Protected storage device 206 may receive data from one or more entities and store the received data on behalf of those entities. For example, entities 202(1), 202(2), ..., 202(n) each communicate with protected storage device 206 to deposit data in it. In the example of Fig. 2, entities 202(1), 202(2), ..., 202(n) provide data 204(1), 204(2), ..., 204(n), respectively, to protected storage device 206. Each of entities 202(1) through 202(n) may seal the stored data to itself, and protected storage device 206 provides the function that performs this sealing. "Sealing" data to an entity means storing the data in such a way that it can be released only to that entity. Sealing is normally performed cryptographically, i.e., the data is encrypted in such a way that the key needed to decrypt it is available only to the entity to which the data is sealed. As shown in Fig. 2, data 204(1), 204(2), ..., 204(n) are sealed to entities 202(1), 202(2), ..., 202(n), respectively.
After data has been stored and sealed in protected storage device 206, an entity may ask protected storage device 206 to provide the sealed data back to it. Before unsealing the data, the protected storage device preferably performs a verification 210 of the requesting entity to determine that the requesting entity is the entity it claims to be. For example, data 204(1) is sealed to entity 202(1), and thus should not be provided to any entity other than entity 202(1). Thus, when a request for data 204(1) arrives at protected storage device 206, the protected storage device confirms that the requesting entity really is entity 202(1) (e.g., by verifying a certificate of entity 202(1), by computing a hash or checksum of entity 202(1), or by performing any other type of test on entity 202(1)). In one example, entity 202(1) is associated with a proof vector 208 that specifies various security attributes of entity 202(1) and may also include a certificate or digital signature of entity 202(1); this proof vector can be used to verify that entity 202(1) really is the entity it claims to be. The manner of verifying such proof vectors, signatures, certificates and the like as part of authentication/identity verification is known to those skilled in the art and therefore need not be described here.
In general, any entity that can be identified in some way (e.g., a software object, a user, etc.) can cause data to be sealed to itself. Typically, the entity that requests sealed storage of data is a software object (e.g., an application program, an agent, a device driver, or the like).
For the purposes of Fig. 2, it is assumed that there is some protected storage device that can seal data to an entity and that refuses access to sealed data when the data is requested by any entity other than the one to which it was sealed. It is further assumed that protected storage device 206 has, or runs in, an environment with sufficient isolation, tamper resistance and similar features to enforce the property that data sealed to an entity is accessible only to that entity. The manner of implementing such a protected storage device is apparent to those skilled in the art and therefore need not be described in detail here. In one example, the protected storage device may run in an environment whose security is enforced by hardware that provides memory isolation, secure boot and per-platform cryptographic keys.
File locker as an entity that uses sealed storage
One type of entity that may use sealed storage is a file locker. The file locker receives files from software and uses the protected storage device to seal those files to itself. The file locker then receives requests for the files and administers the various policies under which those files may be provided to the requesting software objects. For example, upon receiving a request for a file, the file locker may determine whether the requester has access rights to the requested file, and cause the file to be unsealed from protected storage only if it does. Moreover, even when the requester does have access rights to the file, the file locker may require that the behavior of the requesting software object be monitored while the file is outside the "locker", to prevent that entity from misusing the file.
Fig. 3 shows a file locker 302 that receives files from software objects and uses the protected storage device to seal those files to itself. In the example of Fig. 3, software object 310 has some data 301 that it wishes to write out to a file. Data 301 is written out to file 306, and the file is provided to file locker 302 so that it can be protected. It should be noted that software object 310 may or may not be aware that it is providing the file to file locker 302. In one example, software object 310 makes explicit and intentional use of file locker 302 to protect the file; in another example, software object 310 simply uses a standard file-writing API, and that API has been updated with the function of storing the written file in the file locker. Various exemplary scenarios in which the file locker may be used are described in the "Exemplary scenarios" section below.
When file locker 302 receives file 306, file locker 302 stores file 306 in protected storage device 206. File locker 302 then seals file 306 to itself. It should be noted that, in a preferred embodiment, any file sent to file locker 302 for storage is sealed to file locker 302, and not to the original source of the file; for example, file 306 is sealed to file locker 302 and not to software object 310. As noted above, software object 310 may not know that it is using file locker 302, and may be unable to use sealed storage directly; thus, by sealing all files to itself, file locker 302 allows software objects that cannot use sealed storage directly to benefit from some of the protection that sealed storage provides.
File locker 302 stores file 306 in protected storage device 206. Preferably, file locker 302 associates an identifier 304 with file 306. The identifier preferably identifies the file and also indicates which software object(s) may ultimately access the file. Identifier 304 may be stored in an index accessible to file locker 302, although the identifier need not be stored in sealed storage. In particular, file locker 302 should be able to access the identifier outside of sealed storage so that, when a request for the file arrives, it can determine which file to retrieve from sealed storage (and what conditions must be satisfied before unsealing it).
When file locker 302 receives a request for a file in its custody, file locker 302 performs a verification 312. Verification 312 is not limited to any particular type of verification. In one example, verification 312 is performed on the requester. For example, in Fig. 3, software object 310 requests a file (e.g., the same file 306 that it previously sent into the custody of file locker 302), and, as part of the security that file locker 302 provides, file locker 302 performs a verification 312 of some kind as a precondition to providing the requested file. The invention is not limited to any particular type of verification 312, although examples may include verifying the identity of software object 310 (e.g., verifying a certificate of software object 310, or computing a checksum or hash of software object 310 and comparing the computed value with a stored value, or the like), or verifying the authenticity of software object 310 (or the authenticity of the call stack of software object 310, etc.). In many cases, however, performing verification on the requester itself is not possible, so file locker 302 may perform some other type of verification, e.g., by requiring the user to confirm via secure I/O that he intends to edit a particular file, or by ensuring that a human user registered as the owner of the file is currently logged in to the file locker or to the environment in which the file locker runs. File locker 302 is designed to ensure that certain security parameters are satisfied before providing a file to the requesting software object, although the invention is not limited to any particular set of security parameters or to any particular mechanism for confirming whether those parameters are satisfied.
If the result of verification 312 is favorable (that is, if the relevant security parameters are satisfied), file locker 302 determines that software object 310 is authorized to retrieve the requested file. File locker 302 then communicates with protected storage device 206 to unseal and retrieve file 306. File locker 302 then provides file 306 back to software object 310.
After software object 310 had been finished file 306, software object 310 can be by (comprising any modification that software object 310 is made) sending back file the monitoring of file locking device 302, the file that comes " registration " to be retrieved.
Should be noted that software object 310 is not limited to the software of any particular type.As example, software object 310 can be application program, application program the service broker, move the operating environment of other program, the virtual machine or the like of operation system thereon.
Illustrative scenarios in which the file locker can operate
One illustrative scenario in which the file locker can operate is a system in which a plurality of environments with different levels of security or protection run concurrently. Fig. 4 shows such a situation.
In Fig. 4, a plurality of environments ("Environment 1", "Environment 2", "Environment 3" and "Environment 4") run concurrently. These environments may run on a single machine or on a distributed cluster of machines. Each environment may be an operating system, a virtual machine, or any other type of environment in which some form of code execution can take place. The different environments maintain some level of isolation from one another; that is, to some degree (though not necessarily with absolute certainty), operations in one environment should be able to proceed without interference from another environment. Different environments may provide different levels of security. For example, Environment 1 may be a high-security or high-assurance environment that allows only a very limited set of software to run and offers relatively little functionality, but provides a high degree of assurance that the functions carried out in it execute correctly and free from intrusion by events originating in other environments. At the other end of the spectrum, Environment 4 may be a wide-open environment in which any code is permitted to run, but which offers little assurance against intrusion or tampering originating in another environment. A hypervisor or virtual machine monitor 404 (or some similar component) may manage the concurrent operation of these environments and may also provide the services the environments need in order to be isolated from one another.
In the example where Environment 1 is a high-security or high-assurance environment, file locker 302 runs as a software object within that environment. It is a feature of Environment 1 that it gives objects running within it the ability to use sealed storage; that is, Environment 1 provides a sealed storage interface 406 through which objects in Environment 1 can store data in sealed storage 402 (which may be part of, or identical to, protected storage 206 shown in Figs. 2 and 3), sealed to themselves. It should be noted that sealed storage 402 being part of Environment 1 is only an example; alternatively, sealed storage may be provided by virtual machine monitor/hypervisor 404, or by any other component with sufficiently secure properties.
Various types of software objects may use file locker 302 to store files. For example, application program 412 (running in Environment 3 in this example) may store a file in file locker 302. As another example, Environment 3 itself may be the software object that stores files in file locker 302: Environment 3 may accept files for storage from application programs and then store them in file locker 302, making the existence of file locker 302 transparent to the application programs running in Environment 3. As a further example, agent 410 (that is, a small program running in the high-assurance environment that provides security services to application programs running in a lower-assurance environment) may use file locker 302 to store files. It should be noted that agent 410 runs in Environment 1, where it could use sealed storage interface 406 itself; however, it is easier for agent 410 to use the services that file locker 302 provides (e.g., file-management services) than to implement those services (redundantly) on its own.
When a file is released from file locker 302 for use by application program 412 (or released into Environment 3), an angel (protector) 408 optionally monitors the behavior of application program 412 (or of Environment 3) to ensure that the file is not misused while it is outside the custody of file locker 302. Angel 408 is an agent running in Environment 1 whose function is to make a software object running in a lower-security environment safer by monitoring (and possibly controlling) its behavior. Although monitoring the use of a file while it is outside the custody of file locker 302 is useful, not every security model requires such monitoring; for most security models, tampering with, misuse of, and interference with a file while it is outside the custody of file locker 302 are acceptable, so long as, once the file is checked back into the custody of file locker 302, it can no longer be tampered with, misused or interfered with.
Some illustrative scenarios in which file locker 302 can be used are described below.
Illustrative scenarios in which the file locker can be used
The following are illustrative scenarios in which the file locker can be used:
1. Manual unlock. An authorized user (determined by any standard system rules, or by logging in directly to a user interface of the file locker) asks the file locker to release a file. The file locker typically gives the user an unlocked (unencrypted) copy of the file to work with while retaining the original; alternatively, the user may be allowed to access the original file directly. The file locker does not give the user a key; it only provides a plaintext version of the file for the user to view, edit, or the like.
Once the file is out of the locker, the user works with it using ordinary tools and applications.
When finished, the user submits the changed file to the file locker. The file is then encrypted and sealed to the file locker.
Optionally, before the file is sent back to the file repository (server, etc.) from which it came, the user may be required to view a difference listing between the downloaded file and the submitted file. This difference listing is preferably displayed over secure video (that is, video with a high degree of assurance, which guarantees that the differences the file locker causes to be displayed are in fact the differences the user sees on screen, since interception of the video output could otherwise cause a security breach).
The user may edit the file any number of times before submitting it to the file locker, or may not edit it at all; it may also be the case that the user never submits the file back to the file locker.
In this model, the file locker can guarantee that the file reaches the user's machine without being damaged or changed. It can also guarantee that the file was not read or changed before the user explicitly asked to use it, so that any attack that corrupts the file or its contents must take place while the file is "open" (that is, at the user's end, outside the control and custody of the file locker).
The file locker may be able to display at least some file formats to the user, so that the user can safely read files inside the file locker before deciding to unlock them (and thereby expose them to viruses or other security risks).
2. Projected unlock. In a projected unlock, the file locker releases a file only to a specific binary whose code ID (codeID) is on an approved list. Preferably the user is also required to log in, so that the file can be released only to the correct combination of binary and user. To compute the code ID of a software object that does not run in the high-assurance environment, some form of "projection" is employed. In this context, "projection" refers to a situation in which an agent running in the high-assurance environment monitors and/or reflects the behavior of a software object running in a non-high-assurance environment, so as to provide some degree of security for the behavior of that software object. In this example, the file locker may unseal and reveal data only to an angel (that is, an agent that performs the projection just described for a specific non-high-assurance application) or to a master angel (that is, an agent that performs projection for application programs in general rather than for a specific application or set of applications). In a preferred embodiment, the angel then injects the data directly into the application's address space. For example, a MICROSOFT EXCEL spreadsheet running in a non-high-assurance environment may call a library, which calls into the high-assurance environment with the computed version and code ID of EXCEL. The high-assurance environment can confirm the version and code ID. The high-assurance environment applies projection to the non-high-assurance environment (or at least to the EXCEL program), so the code ID is reasonably durable (that is, it is difficult for anyone to edit EXCEL's code). EXCEL then calls the library to read the file data, and the data appears in EXCEL's address space. With some cooperation from the non-high-assurance environment, the angel can also encrypt pages of EXCEL's address space before they are paged out. It can also thwart attempts to debug EXCEL.
Thus, in this model, trusting parties (local and remote) can be confident that only approved versions of the file locker and of EXCEL (versions without viruses or other unapproved behavior) can see the plaintext. Furthermore, because of the projection, this version of EXCEL is durable, and the data is never in plaintext on disk.
This situation provides sufficient security when the behavior of the specific application can be tolerated (e.g., the unpredictability of EXCEL) and the main threat to be prevented is other software. In this situation, the secure video display and the difference comparison before re-locking can also be used.
3. File locker combined with bottling. "Bottling" refers to a situation in which a group of application programs runs inside a container, partition or "bottle" that maintains some level of behavioral predictability and isolation from other bottles. For example, a bottle may be or include a restricted operating system (e.g., a small configuration of WINDOWS XP), or a virtual machine running a guest operating system with certain operating restrictions. The container, the operating system in the container, and the application program or set of applications running in the container together make up the "bottle". Projection can be used to project the inside of the bottle.
Given a bottle, the file locker can be configured to release a file to the bottle, or to a specific application program within the bottle, with the data existing in clear-text form only inside the bottle. (Cryptographic paging is applied to the bottle as a whole, so once the data is inside the bottle it is secure against anything outside the bottle.)
Scenario #3 is essentially a more strongly isolated version of #2. It works better for sets of applications with trees of dynamic link libraries and the like (e.g., the MICROSOFT OFFICE application suite), and makes relatively strong statements about the operating system underneath the bottled application. (That is, because the operating system inside the bottle is preferably a constrained and certified mini operating system, it can be trusted to a large extent; for example, a malicious driver cannot steal data out of an application running on that operating system, because such malicious drivers are not permitted to run inside the bottle.)
4. The first software object that submits a file to the file locker may be local or remote, and may present the file in encrypted or unencrypted form (e.g., a server may send the file to the file locker pre-encrypted, or encrypted for transmission in a form that the file locker then re-encrypts). The software object(s) that use the file may be different from the software object that first placed the file in the locker; that is, a file may arrive at the locker from one object and later be used by a different object. It may then be submitted (or not submitted) back to the first object, or to some different object.
5. The (first) software object that submits a file to the file locker may specify local rules that the file locker is to enforce on the file. Such rules may include requirements such as: (1) all versions of the file are logged, so that whatever changes a different software object in another environment (e.g., an untrusted environment) makes, the changes can always be undone; (2) all changes must be reviewed by a human user (over secure input and secure output) with some type of viewer/difference reader, and attested by the human as "expected", with this attestation stored along with the change. This technique is useful where the second software object that handles the file is relatively poorly controlled. The basic idea is that the file locker keeps, for example, all versions of a Word .doc file. After an application (e.g., Word) has edited the file and written it back to the file locker (possibly transparently), the file locker may require confirmation from the user. The user may employ a simple "viewer" for .doc files running in the trusted environment, and tell the file locker directly, over secure input, that these changes are the ones the user expected. In this way, even if a virus causes the underlying application (e.g., Word) to behave unexpectedly and edit the file in unexpected ways, the user can still use the file locker to undo any such changes, or to ensure that only the changes the user expected are "logged".
6. The file locker, on behalf of the first software object or of the local user, may apply various consistency checks to a file. For example, it may run a virus checker and a correctness validator over a file written out by an application. The basic idea is that file changes are saved but are not "officially logged" until the file is known to be free of viruses, undamaged, and so on. This technique can be combined with the technique described in #5 above.
7. The file locker may allow a given software object to access a file so long as a human user, over secure input, indicates that it is permitted to do so. This may be done on a general basis (e.g., if user "fred" logs in to the file locker, then any tool may see the files fred has locked), or on a specific basis (e.g., when Word attempts to access fred's file "my taxes 2003", the file locker directly asks fred whether this is allowed). Additionally, the user may "pre-unlock" all or specific files (the user goes to the file locker and indicates that they wish to use files a.doc and b.doc). Those files are then permitted to be accessed (with or without verification of an attestation vector). When the user logs off, or perhaps after some timeout, all of these "access permitted" bits expire. In addition, the user may unlock a file for reading, or for reading and writing. The user may have a specific set of changes logged or made into a version.
8. The file locker may, on the instruction of either kind of stakeholder, log or not log version history, and keep or not keep version history. This may be done under the command of a human user (either as a policy or as an answer to a dialog box at document creation), or in response to commands sent along with the document when it is created by the first object. (Thus an authorized client can set "keep versions, log changes, require attestation of changes" at document creation.)
9. When a file is opened, the file locker can always transparently roll the file back to its last certified version.
10. The file locker may store public summary information, such as filename, author and file thumbnail, together with the file. Part of this summary information may be derived by default (the filename), other summary information may be attached to the file when it is created, and yet other summary information may be computed by some trusted tool that examines the file on behalf of the file locker. The file locker may then allow some service calls from less trusted environments to see the summary information, while other calls see nothing unless the file is unlocked. For example, when a .GIF file enters the file locker, the software object submitting it may declare a thumbnail of the file to the file locker. On request, the thumbnail (which may be in a separate associated file, in a stream, or the like) may be given to a second software object that asks for it. This allows, for example, a file explorer running in an ordinary untrusted virtual machine (or other environment) to see thumbnails, filenames, word.doc summary data, and the like. It may also permit keyword search. Reading the actual data from the file, however, requires the user to unlock the file for reading or for read/write, or requires the second software object to have a correct attestation vector, or the like.
11. In one example, one type of attack is for an application (e.g., Word) to be modified so that it writes junk into the file in some way and deletes the backup versions. To stop this type of attack, the file locker can ensure that each attested change to a file is saved to remote file storage or to local trusted file storage before the last certified version can be edited further. Thus, each time the user, using a program running in the trusted environment, attests that a change is legitimate, the file locker sends an encrypted, HMAC-authenticated and optionally signed version of the file to trusted or remote storage. Once this process is seen to succeed, the file can be edited again. In this setting, a virus or other attacker on the client computer cannot delete or undo the edits the user previously attested, and can do no more than force the user to request the last checked-in version of the file from remote/trusted storage. The file locker's ability to encrypt the file, and to refuse to release it until it is satisfied that any requirements imposed on it are met, is what allows it to enforce such rules.
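The version-logging rules of scenarios 5, 6, 9, 10 and 11 carried through as an added example (not code from the patent or from Microsoft): every submitted version is kept; a version is "officially logged" only after a checker has passed it and the user has attested to the change; opening a file returns the last certified version; summary information is readable without unlocking; and further edits are refused until the newly certified version has been mirrored to trusted storage. Sealing is omitted here and all storage is in memory. `VersionedFileLocker`, the `toy_scanner` stand-in for a virus/correctness checker, the dict standing in for trusted storage, and the sample file contents are assumptions of this example.

```python
"""Version-logging policy layer for a file locker (constructed example)."""
import difflib
import hashlib
from dataclasses import dataclass


@dataclass
class Version:
    data: bytes
    digest: str
    scanned_clean: bool   # checker passed the content (scenario 6)
    attested: bool        # user confirmed the change over safe input (scenario 5)
    committed: bool       # both held: the version is "officially logged"


def toy_scanner(data: bytes) -> bool:
    """Constructed stand-in for a virus/correctness checker: rejects empty or NUL-laden content."""
    return bool(data.strip()) and b"\x00" not in data


class VersionedFileLocker:
    def __init__(self, scanner, trusted_store: dict):
        self._scan = scanner            # callable(bytes) -> bool
        self._trusted = trusted_store   # stands in for remote/local trusted storage (scenario 11)
        self._versions = {}             # name -> [Version, ...]; every version is kept
        self._summary = {}              # name -> public summary info (scenario 10)

    @staticmethod
    def _digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def create(self, name: str, data: bytes, author: str) -> None:
        """First submission by the originating object: certified as-is, summary info attached."""
        self._versions[name] = [Version(data, self._digest(data), self._scan(data), True, True)]
        self._summary[name] = {"filename": name, "author": author, "size": len(data)}
        self.replicate(name)

    def last_committed(self, name: str) -> Version:
        return next(v for v in reversed(self._versions[name]) if v.committed)

    def edit_allowed(self, name: str) -> bool:
        """Scenario 11: no further edits until the last certified version is in trusted storage."""
        return self._trusted.get(name) == self.last_committed(name).digest

    def submit(self, name: str, data: bytes) -> int:
        """An application writes the file back: kept as a pending version, not yet logged."""
        if not self.edit_allowed(name):
            raise PermissionError("last certified version not yet in trusted storage")
        self._versions[name].append(Version(data, self._digest(data), self._scan(data), False, False))
        return len(self._versions[name]) - 1     # index the user will be asked to attest to

    def diff_for_user(self, name: str, index: int) -> list:
        # Difference listing shown over secure video before the user attests (scenarios 1 and 5).
        old = self.last_committed(name).data.decode("utf-8", "replace").splitlines()
        new = self._versions[name][index].data.decode("utf-8", "replace").splitlines()
        return list(difflib.unified_diff(old, new, "certified", "proposed", lineterm=""))

    def attest(self, name: str, index: int) -> bool:
        """User states over safe input that the change is expected; logged only if it scanned clean."""
        v = self._versions[name][index]
        v.attested = True
        v.committed = v.scanned_clean
        return v.committed

    def replicate(self, name: str) -> None:
        # Mirror the certified version to trusted storage so later edits may proceed (scenario 11).
        self._trusted[name] = self.last_committed(name).digest

    def open_latest(self, name: str) -> bytes:
        """Scenario 9: opening transparently rolls back to the last certified version."""
        return self.last_committed(name).data

    def summary(self, name: str) -> dict:
        """Scenario 10: summary info is visible without unlocking the contents."""
        return dict(self._summary[name])

    def version_count(self, name: str) -> int:
        return len(self._versions[name])


def demo() -> dict:
    """Constructed walk-through: a legitimate edit, a blocked early edit, and a junk-writing attack."""
    locker = VersionedFileLocker(toy_scanner, trusted_store={})
    locker.create("taxes.txt", b"income: 1000\ndeductions: 200\n", author="fred")
    out = {}
    i = locker.submit("taxes.txt", b"income: 1000\ndeductions: 250\n")
    out["diff"] = locker.diff_for_user("taxes.txt", i)
    out["good_committed"] = locker.attest("taxes.txt", i)
    try:  # the newly certified version has not reached trusted storage yet
        locker.submit("taxes.txt", b"another edit\n")
        out["edit_before_replicate"] = "allowed"
    except PermissionError:
        out["edit_before_replicate"] = "refused"
    locker.replicate("taxes.txt")
    j = locker.submit("taxes.txt", b"\x00\x00junk\x00")   # a tampered application writes junk
    out["junk_committed"] = locker.attest("taxes.txt", j)  # attestation alone cannot log it
    out["versions_kept"] = locker.version_count("taxes.txt")
    out["opened"] = locker.open_latest("taxes.txt")
    out["summary"] = locker.summary("taxes.txt")
    return out
```

The gate in `submit` is what defeats the scenario-11 attack: a junk version is recorded but never certified, so the next open still yields the attested edit, and because the attested edit was mirrored before any further edit was accepted, a local attacker can at worst cost the user the most recent uncertified change.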
Example process of using the file locker
Fig. 5 shows an example process of using the file locker to store and retrieve a file. Initially, a software object provides a file to the file locker in order to place the file under the custody of the file locker (502). The file locker then seals the file to itself in sealed storage (504).
After some time has elapsed, the software object may ask the file locker to return the file to it (506). The file locker performs some type of verification of the software object (508); as noted above, the invention is not limited to any particular form of verification, although verification may include checking the identity, authenticity, etc. of the requesting software object.
If the verification passes (510), the requested file is provided to the software object (514). While the software object has the file, the file locker (or some component cooperating with the file locker) may optionally monitor and/or control the behavior of the requesting software object (516) to ensure that the file is not misused while it is out of the file locker. When the requesting software object is finished with the file, the file is returned to the custody of the file locker (518).
If the verification at 510 does not pass, the file locker does not cause the file to be unsealed, and the file is not provided to the requesting entity (512).
It should be noted that protecting the file from misuse while it is outside the custody of the file locker, as in 516, is not mandatory. Although a file locker can be implemented that prevents misuse of the file while the file is outside its custody, a file locker that only guarantees that the file has not been tampered with while in its custody, and makes no guarantee about what happens while the file is outside its custody, is also an acceptable security model. Such a file locker guarantees only that the file leaves its protection when a human user indicates that the file should leave its custody, or when an authorized human user indicates that it should do so.
In a system without "trusted storage", an attacker could delete the encrypted files in the custody of the file locker, thereby destroying them and losing any work not saved elsewhere. Even so, the file locker is still useful in such a setting, because (a) it can provably ensure that there are no surprising modifications to those files, and can force any modification to be reviewed securely before it is accepted, and (b) it can prevent the contents of a file from being revealed in any way while the file is not in active use. In a system with "trusted storage", the file locker can further use that storage to guarantee that files cannot be deleted while in its custody and that logged versions are retained, so that even outside its custody only the most recent changes to a file can be lost.
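The flow of Fig. 3 and of the process in Fig. 5 (steps 502 to 518), as an added example that is not code from the patent or from Microsoft: a software object checks a file in, the locker seals it to its own code identity rather than to the submitter, the identifier index stays outside sealed storage, a requester is verified by hashing its code and comparing against the stored value (one of the verification options the text lists), and an unauthorized requester, or the submitter trying to unseal the blob directly, is refused. Sealed storage is simulated with an HMAC-SHA256 counter-mode keystream and an encrypt-then-MAC tag keyed from a root secret and the sealing component's code ID; that construction, the names `SealedStorage`, `FileLocker` and `code_id`, and the sample file and code strings are assumptions of this example, standing in for a hardware-backed sealing primitive.

```python
"""Simulated sealed storage and file locker (constructed example, see lead-in)."""
import hashlib
import hmac
import os


def code_id(code: bytes) -> str:
    """Code identity of a component: SHA-256 over its code (constructed stand-in)."""
    return hashlib.sha256(code).hexdigest()


class SealedStorage:
    """Toy sealed storage: a blob sealed under one code ID unseals only under that same code ID.
    Simulated with an HMAC-SHA256 counter-mode keystream plus an encrypt-then-MAC tag;
    a real system would use a TPM/hardware sealing primitive and AES-GCM."""

    def __init__(self, root_secret: bytes):
        self._root = root_secret

    def _key(self, owner: str) -> bytes:
        # Per-component key: only code with this identity obtains this key from the platform.
        return hmac.new(self._root, b"seal|" + owner.encode(), hashlib.sha256).digest()

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        out = bytearray()
        for block in range((len(data) + 31) // 32):
            ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
            chunk = data[block * 32:(block + 1) * 32]
            out.extend(a ^ b for a, b in zip(chunk, ks))
        return bytes(out)

    def seal(self, owner: str, data: bytes) -> bytes:
        key, nonce = self._key(owner), os.urandom(16)
        ct = self._xor_stream(key, nonce, data)
        tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, caller: str, blob: bytes) -> bytes:
        key = self._key(caller)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            # Wrong component (or a tampered blob): the data stays sealed.
            raise PermissionError("blob is not sealed to this component")
        return self._xor_stream(key, nonce, ct)


class FileLocker:
    """The file locker (302): seals files to itself and gates release on requester verification."""

    def __init__(self, storage: SealedStorage, own_code: bytes):
        self._storage = storage
        self._id = code_id(own_code)   # the locker's own code identity
        self._blobs = {}               # name -> blob sealed to the locker, not to the submitter
        self._index = {}               # name -> allowed requester code IDs (identifier 304, unsealed)

    def check_in(self, name: str, data: bytes, allowed_ids) -> None:
        """Steps 502/504 (and 518 on return): store the file sealed to the locker itself."""
        self._blobs[name] = self._storage.seal(self._id, data)
        self._index[name] = set(allowed_ids)

    def sealed_blob(self, name: str) -> bytes:
        return self._blobs[name]

    def request(self, name: str, requester_code: bytes) -> bytes:
        """Steps 506 to 514: verify the requester's code ID, then unseal and hand out the file."""
        if name not in self._blobs:
            raise FileNotFoundError(name)
        if code_id(requester_code) not in self._index[name]:
            raise PermissionError("requester not authorized for " + name)   # step 512
        return self._storage.unseal(self._id, self._blobs[name])


def demo() -> dict:
    """Walk the Fig. 3 / Fig. 5 flow with constructed stand-ins for application code."""
    storage = SealedStorage(b"constructed-root-secret")
    locker = FileLocker(storage, own_code=b"file-locker build 1")
    editor, rogue = b"approved editor build 7", b"unknown binary"
    results = {}
    locker.check_in("report.doc", b"quarterly figures", [code_id(editor)])
    results["authorized"] = locker.request("report.doc", editor)
    try:
        locker.request("report.doc", rogue)
        results["rogue"] = "released"
    except PermissionError:
        results["rogue"] = "refused"
    try:  # sealed to the locker, so even the submitting object cannot unseal the blob itself
        storage.unseal(code_id(editor), locker.sealed_blob("report.doc"))
        results["direct_unseal"] = "succeeded"
    except PermissionError:
        results["direct_unseal"] = "failed"
    locker.check_in("report.doc", b"quarterly figures (edited)", [code_id(editor)])  # step 518
    results["after_return"] = locker.request("report.doc", editor)
    return results
```

Two details carry the security argument: the key used to seal is derived from the locker's identity, not the submitter's, so the `direct_unseal` attempt fails exactly as the text requires; and the allowed-requester index is ordinary unsealed state, which is why the locker can decide which blob to fetch and what to check before it ever touches sealed storage.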
Note that the above examples are provided for purposes of explanation only and are in no way to be construed as limiting the present invention. Although the present invention has been described with reference to various embodiments, it should be understood that the words used herein are words of description and illustration, not words of limitation. Furthermore, although the present invention has been described herein with reference to particular means, materials and embodiments, the present invention is not intended to be limited to the particulars disclosed; rather, the present invention extends to all functionally equivalent structures, methods and uses within the scope of the appended claims. Those skilled in the art, having the benefit of the teachings of this specification, may effect numerous modifications and changes without departing from the scope and spirit of the invention in its aspects.

Claims (33)

1. A method of protecting a file using a file locking component, the method comprising:
receiving a file from an object;
sealing the file to the file locking component using a data storage system, the data storage system being able to receive data from components of a specified class and to seal the received data to one or more of those components, such that the data cannot be unsealed by any component to which it has not been sealed, the file locking component being one of the components of the specified class; and
restricting access to the file based on whether an object that sends a request for the file is authorized to open the file, the determination of whether the requesting object is authorized being made by the file locking component, such that if the requesting object is authorized to open the file, the file locking component causes the file to be unsealed from the data storage system.
2. The method of claim 1, further comprising:
monitoring and/or controlling the behavior of the object during the object's use of the file.
3. The method of claim 1, wherein the object is associated with an attestation vector that identifies the object, and wherein the act of restricting access is based on verification of the attestation vector associated with the object.
4. The method of claim 1, wherein the object comprises a program that opens the file through a file-open interface call, and wherein the file-open interface call is configured to request the file through the file locking component, whereby the use of the file locking component is transparent to the object.
5. The method of claim 1, wherein the object comprises a first operating environment in which programs can run.
6. The method of claim 1, wherein the method is performed on a computing device that concurrently provides two or more operating environments, a first of the environments being a high-assurance environment that provides a first level of assurance that it conforms to its expected behavior, and a second of the environments being a relatively lower-assurance environment that provides a second level of assurance that the second environment conforms to its expected behavior, the second level of assurance being lower than the first level of assurance, wherein the ability to seal data in the data storage device is a feature of the first environment, and wherein the file locking component operates in the first environment and the object operates in the second environment.
7. The method of claim 6, wherein the specified class is limited to components that operate in the first environment.
8. The method of claim 1, wherein the object that sends the request for the file is different from the object from which the file is received, and the requesting object is authorized to open the file.
9. The method of claim 1, wherein the object from which the file is received imposes a rule on the use of the file.
10. The method of claim 9, wherein the rule is at least one of:
a requirement that all previous versions of the file be logged, whereby a previous version of the file kept in the file locker can be restored; and
a requirement that, before the file is stored by the file locker, the user take part in an input session with the file locker, the session being conducted in a manner that ensures that the user affirmatively expresses the wish to save the file and that gives the user the opportunity to view any changes to the file under conditions providing a relatively high degree of assurance, the relatively high degree of assurance guaranteeing that the view of the file seen by the user correctly shows the file and any changes made to it.
11. The method of claim 9, further comprising:
storing summary information about the file, wherein the file locking component permits access to the summary information in at least one situation in which access to the file is not permitted.
12. A file locker comprising logic that receives a file, causes the file to be sealed to the file locker such that the file can be unsealed only by the file locker, receives a request for the file from an object, verifies whether the object is authorized to receive the file, and provides or withholds the file according to whether the object is authorized to receive it.
13. The file locker of claim 12, wherein the file locker operates on a computing device that provides two or more operating environments, and the file locker operates in a first of the environments.
14. The file locker of claim 13, wherein the object is a second environment.
15. The file locker of claim 13, wherein the object operates in a second of the environments.
16. The file locker of claim 15, wherein the first environment provides a relatively higher level of protection against threats than the second environment.
17. The file locker of claim 16, wherein a component executing in the first environment monitors and/or controls the behavior of the object during the object's use of the file.
18. The file locker of claim 16, wherein a cryptographic key is required to unseal the file, and the first environment provides a level of assurance that the cryptographic key cannot be used outside the first environment.
19. The file locker of claim 12, wherein the object is associated with an attestation vector that identifies the object, and the logic validates the attestation vector and, if validation of the attestation vector fails, denies access to the object.
20. The file locker of claim 12, wherein the object from which the request is received is different from the object from which the file is received, and wherein the object from which the request is received is authorized to receive the file.
21. The file locker of claim 12, wherein the file locker logs all versions of the file that it receives or stores.
22. The file locker of claim 12, wherein the file locker, upon receiving the file, takes part in an interactive session with a user in which the user is asked to confirm the wish to store the current version of the file, the session comprising communication between the file locker and the user that takes place under conditions providing a relatively high level of assurance, the level of assurance guaranteeing that the communication between the file locker and the user is not compromised.
23. one kind with computer executable instructions calculation of coding machine computer-readable recording medium, described instruction is used to carry out a kind of method, comprising:
Receive file at a document component management place;
Described document sealing is arrived described document component management;
From the request of requestor reception to described file;
Checking described request person is authorized to receive described file;
If described request person is authorized to receive described file, the described file of deblocking then, and described file offered described request person, otherwise, the described file of deblocking not, and described file is not offered described request person.
24. computer-readable medium as claimed in claim 23 is characterized in that, also comprises:
Protect described file not accessed, unless be verified as when being authorized to receive described file when receiving from described request person's request and described request person.
25. computer-readable medium as claimed in claim 23 is characterized in that, described file receives from described request person at described document component management place.
26. computer-readable medium as claimed in claim 23 is characterized in that, described request person is the software object that generates or handle described file.
27. computer-readable medium as claimed in claim 26, it is characterized in that, described request person offers described document component management by an interface with described file, and described interface makes the existence of described document component management or uses described request person is transparent.
28. computer-readable medium as claimed in claim 26; it is characterized in that; described document component management is operated in first environment; and described request person operates in second environment; and wherein, described first environment provides than the relative higher isolation of avoiding one group of defined threat or the protection level of described second environment.
29. computer-readable medium as claimed in claim 28, it is characterized in that, described document component management arrives described document component management by using a data storage device with described document sealing, described data storage device can be used the entity of operating in described first environment, and unavailable to the entity of operating in any environment except that described first environment.
30. computer-readable medium as claimed in claim 28 is characterized in that, described method also comprises:
Use a assembly in the described first environment to monitor in the process that described file is used by described request person and/or control described request person's behavior, described thus file is protected in described file and exempts from wrong the use during by deblocking.
31. computer-readable medium as claimed in claim 23 is characterized in that, also comprises:
Use to described file applies a rule, and described rule comprises following at least one:
Each version of file is charged to the requirement of daily record before the redaction with file is saved in the described document component management, thus, the previous version of described file can be retrieved; And
The requirement that described document component management and user participate in communicating by letter before the redaction with described file is saved in described document component management, wherein, described communication takes place under the situation that high relatively assurance degree is provided, and described assurance degree guarantees that described communication is without prejudice.
32. computer-readable medium as claimed in claim 31 is characterized in that, described communication comprises and shows to the user and to be ready being kept at the redaction of the described file in the described document component management, and requires the user to confirm that described redaction is acceptable to the user.
33. computer-readable medium as claimed in claim 23 is characterized in that, also comprises:
Before described file is saved in described document component management, verify that described file meets a preassigned.
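The following is an added, editor-written model of the file locker described in claims 12 to 33; it is not code from the patent or from Microsoft. It assumes that the locker object's private key stands in for a key usable only inside the high-assurance environment (claims 18 and 29), that a requester's "proof vector" (claim 19) can be modelled as the SHA-256 of its code manifest, and that the trusted-path user confirmation of claims 22 and 32 can be modelled as a callback.

```python
"""Editor-added model of the file locker in claims 12 to 33 (not the patent's
own code).  Assumptions: the locker's key stands in for a key usable only in
the high-assurance environment (claims 18, 29); a 'proof vector' (claim 19)
is the SHA-256 of a manifest; user confirmation (claims 22, 32) is a callback."""
import hashlib
import hmac
import secrets


def proof_vector(manifest: bytes) -> str:
    """Identity of a requester derived from its manifest (constructed model)."""
    return hashlib.sha256(manifest).hexdigest()


class FileLocker:
    def __init__(self, authorized, confirm=lambda name, data: True,
                 policy=lambda data: True):
        self._key = secrets.token_bytes(32)  # never leaves this object (claim 18)
        self._authorized = set(authorized)   # accepted proof vectors (claim 19)
        self._confirm = confirm              # user confirms each save (claims 22, 32)
        self._policy = policy                # pre-specified standard (claim 33)
        self._sealed = {}                    # name -> sealed blob
        self.log = []                        # every version stored (claims 21, 31)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # PRF in counter mode, HMAC-SHA256(key, nonce || counter): a stand-in
        # for the environment's real sealing primitive, not a production cipher
        out = b""
        for i in range((length + 31) // 32):
            out += hmac.new(self._key, nonce + i.to_bytes(4, "big"),
                            hashlib.sha256).digest()
        return out[:length]

    def _seal(self, data: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        body = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self._key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag            # encrypt-then-MAC

    def _unseal(self, blob: bytes):
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # altered outside the locker: refuse
        return bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))

    def store(self, proof: str, name: str, data: bytes) -> bool:
        """Claims 23 and 31 to 33: authorize, check policy, confirm, log, seal."""
        if proof not in self._authorized or not self._policy(data):
            return False
        if not self._confirm(name, data):    # user sees the version being saved
            return False
        self.log.append((name, data))        # earlier versions stay retrievable
        self._sealed[name] = self._seal(data)
        return True

    def retrieve(self, proof: str, name: str):
        """Claims 12, 19, 20, 24: any authorized object may request, not only the author."""
        if proof not in self._authorized or name not in self._sealed:
            return None
        return self._unseal(self._sealed[name])
```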
CNA2005100561736A 2004-04-23 2005-03-23 Fire locker and mechanisms for providing and using same Pending CN1690910A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/831,596 US7330981B2 (en) 2004-04-23 2004-04-23 File locker and mechanisms for providing and using same
US10/831,596 2004-04-23

Publications (1)

Publication Number Publication Date
CN1690910A true CN1690910A (en) 2005-11-02

Family

ID=34939186

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2005100561736A Pending CN1690910A (en) 2004-04-23 2005-03-23 Fire locker and mechanisms for providing and using same

Country Status (5)

Country Link
US (1) US7330981B2 (en)
EP (1) EP1594032A3 (en)
JP (1) JP2005310122A (en)
KR (1) KR20060045000A (en)
CN (1) CN1690910A (en)

Also Published As

Publication number Publication date
JP2005310122A (en) 2005-11-04
US20050257048A1 (en) 2005-11-17
EP1594032A2 (en) 2005-11-09
KR20060045000A (en) 2006-05-16
US7330981B2 (en) 2008-02-12
EP1594032A3 (en) 2006-07-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20051102

C20 Patent right or utility model deemed to be abandoned or is abandoned